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2A(Amended). A project management system for managing operations of an enterprise, said 
systesp comprising: 

centralized server computer, said server computer being configured to execute a project 
manager deposed to (a) create projects for said enterprise wherein ones of said projects are 
based upon pr°j ect management trees containing one or more data objects disposed to 
cooperatively efil^ct project management functions, (b) define one or more organizational entities 
within the enterprise, (c) define one or more user groups associated with each of the 
organizational entities^and (d) define one or more users associated with each of the user groups; 
and 

at least one user computer configured to log on to said centralized server computer and 
access said project manager. 



REMARKS 

Claims 1-30 are pending in the application. By this Amendment Applicant has amended 

claims 1 and 27 in order to further define the present invention. Attached hereto is a marked-up 

version of the changes made to the claims by the current Amendment. The attached page is 

captioned "VERSION WITH MARKINGS TO SHOW CHANGES MADE. 

In the above Office Action, the Examiner has rejected claims 1-12, 18-22 and 27-30 

under 35 U.S.C. §103(a) as being unpatentable over U.S. Patent No. 5,911,143 issued to 

Deinhart et al. ("Deinhart") in view of U.S. Patent No. 6,308,164 Bl issued to Nummelin et al 

(''Nummelin"). A portion of the Examiner's characterization of Deinhart made in support of the 

outstanding rejection of claim 1 is set forth below: 

Deinhart renders obvious independent claim 1 by the following: 

a project manager server from a computer network" taught by Deinhart at col. 1 
lines 7-18; 

. .,one or more organizational,. . taught by Deinhart at col. 7 lines 16-30; 
". . one or more user groups,. . ." taught by Deinhart at col. 7 lines 16-30; 

Applicant respectfully observes that the cited portions of Deinhart fail to describe or 

suggest any aspect of the inventive method for managing enterprise operations. In general, 

Deinhart describes a method and system for registration, authorization and control of access 

rights in a computer system. As such, the Deinhart system is not concerned with enterprise 

management, and hence is inapposite to the claimed invention. 
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Turning to the first element of claim 1, the Examiner alleges that the recitation of a 
project manager server from a computer network is described by Deinhart at col. 1, lines 7-18. 
However, Deinhart does not appear to describe or suggest a project management server within 
the cited passage: 

The present invention relates to the technical field of role-based access control methods 
and security systems in distributed and centralized computer systems. More specifically, 
the invention relates to a method for controlling access rights of subjects on objects in a 
computer system by controlling said access rights dependent on a membership of a 
subject to a role. Furthermore, the invention relates to a system for registration, 
authorization, and control of access rights of subjects on objects in a computer system, 
wherein the system comprises users, groups, and access control lists at each object 
providing the access rights on the respective object. 

Applicant observes that the above is not concerned with enterprise management, project 
management, or a project management server as claimed. Instead, the above relates to the 
registration, authorization and control of access rights, and hence does not correspond to the first 
element of claim 1. 

Turning to the next element of claim 1, the Examiner indicates that the recitation of "one 
or more organizational" is taught by Deinhart at col. 7, lines 16-30. As an initial matter, 
Applicant notes that the entire claimed element reads as defining one or more organizational 
entities within the enterprise. That is, claim 1 contemplates defining one or more organizational 
entities, in addition to the mere existence of the entities themselves. Applicant observes that 
neither the cited passage nor any other portion of Deinhart describes a technique for defining one 
or more organizational entities. Although Deinhart mentions the term "organization" within the 
cited passage, this is made with reference to a conventional "enterprise organization" and in no 
way describes or suggests defining one or more organizational entities. In contrast, in a 
particular embodiment of the invention a system user is permitted to specify various attributes of 
an applicable organizational entity (e.g., address, phone number) subsequent to successful 
completion of a log-on process. See, e.g., the present specification at page 34, lines 17-27 and 
page 49, lines 12-24. 

The Examiner similarly indicates Deinhart describes "one or more user groups" at col. 7, 
lines 16-30. Again, however, claim 1 recites defining one or more user groups associated with 
each of the organizational entities. That is, the present invention enables the creation of such 
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user groups. A particular implementation of this functionality is summarized in the present 
specification as follows: 
User Groups 

This feature enables one to create User Groups for the company. A User Group, 
as the name implies, is a group of users that are associated in some way. For instance, 
you may create a User Group for Marketing and one for Purchasing. Users can assign 
users to more than one group at a time. The User Groups will be used in the Permissions 
feature. 
[48:9-13] 

Because the Deinhart system is not directed to enterprise management, Deinhart fails to describe 
or suggest any analogous mechanism for defining or otherwise creating user groups. In 
particular, the cited portion of Deinhart (i.e., col. 7, lines 16-30) does not appear to suggest the 
definition of user groups, and instead merely describes the manner in which Deinhart ostensibly 
enables association of access rights and the like with particular job positions of an enterprise 
organization: 

The FIG. 2A gives an overview for the method of role type instantiation. Persons 5 that 
are users of an enterprise computer system are employees acting in assigned job positions 
6. Each job position 6 is associated with a set of functional tasks and, thus, these tasks are 
associated with users in the enterprise organization hierarchy. Each task requires a set of 
competencies, which can be viewed as a set of specific access rights to a set of objects 4 
necessary to carry out that task. Hence, each job position 6 ultimately associates a user 
with specific access rights to a set of objects 4. Thus, a security administrator must be 
able to associate these rights, objects, and transactions with the job positions of the 
enterprise organization. To enable this, the concepts of role types and role instances are 
defined. 

It is clear that the above does not suggest the claimed defining of user groups nor the association 

thereof with organizational entities. 

With regard to the next element of claim 1, the Examiner indicates that the recitation of 

"defining one or more users associated" is taught by Deinhart at col. 1, lines 13-18. As discussed 

above, Deinhart does not describe the formation of user groups, and also does not describe or 

suggest defining one or more users associated with such groups. This is apparent from 

inspection of the cited portion of Deinhart: 

Furthermore, the invention relates to a system for registration, authorization, and control 
of access rights of subjects on objects in a computer system, wherein the system 
comprises users, groups, and access control lists at each object providing the access rights 
on the respective object. 
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Again, the above merely indicates that Deinhart is concerned with enabling the registration, 
authorization, and control of access rights within a computer system, and in no way suggests the 
definition of users associated with various groups. 

Considering the final element of claim 1 , the Examiner has alleged that the recitation of 
defining user roles associated with at least one of the users is taught by Deinhart at col. 1, lines 
7-18: 

The present invention relates to the technical field of role-based access control methods 
and security systems in distributed and centralized computer systems. More specifically, 
the invention relates to a method for controlling access rights of subjects on objects in a 
computer system by controlling said access rights dependent on a membership of a 
subject to a role. Furthermore, the invention relates to a system for registration, 
authorization, and control of access rights of subjects on objects in a computer system, 
wherein the system comprises users, groups, and access control lists at each object 
providing the access rights on the respective object. 

However, the above excerpt from Deinhart does not suggest the definition of various user roles 
. in such a way that an association with particular users is established as claimed. In contrast, the 
present specification describes the manner in which user roles may be associated with users as 
follows: 

Define User Roles 

Once a user is enabled, the Key User may need to assign the users' administrative 
privileges for different areas of the system. The User Roles are primarily management 
level roles that involve approving the spending of money or the actual spending of 
money. Not every user in your company will have this authority. It's not necessary to 
assign a User Role to give users standard access to the system. Once you've enabled 
them, they automatically have standard access. 

User Roles are assigned as follows: 

❖ Log in to the home page o the provider of the present invention 
(SourceFinder in the example screen shots provided herein). 

❖ Select Key User Interface button 

❖ Select "User Roles" from the menu 

❖ Locate the user's name in the left-hand column and indicate which 
function each user will be given access to by checking the 
appropriate boxes by that person's name. 

[46:13-27] 

Applicant thus respectfully submits that Deinhart fails to describe, suggest or otherwise 
render obvious a number of aspects of the present invention as defined by claims 1-18 and 27-30. 
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Applicant has also reviewed the Nummelin reference and observes that it does not appear to 
remedy any of Deinhart' s deficiencies with regard to the subject matter of these pending claims. 

Considering now the initial portion of the Examiner's rejection of claim 19, the Examiner 
states that: 

Deinhart renders obvious independent claim 19 by the following: 

"a project manager for creating a project,. . ." taught by Deinhart at col. 2 lines 27-41; 

"one or more internal,. . ." taught by Deinhart at col. 7 lines 16-30; and 

". . ., said project manager" taught by Deinhart at col. 1 lines 7-18 

Turning to the first element of claim 19, the Examiner indicates that the recitation of a 

"project manager for creating a project" is taught by Deinhart at col. 2, lines 27-41: 

The system administrator has to create a new role when a person remains in his job 
position but changes his location or project. This will cause higher costs or even less 
system security. Furthermore, since a role includes the union of all accesses and objects 
which users of that role have in different organization units of the enterprise. This means 
that the role will not necessarily contain the least privileges necessary for the functions of 
that role, i.e., a violation of the "Least Privilege Principle". However, if one attempts to 
mitigate the lack of access granularity with defining different roles based on access and 
object contexts, which may be possible in some designs, an administrative mechanism 
becomes necessary to relate these roles so that their consistent administration, e.g., 
update, becomes possible. Such a mechanisms is not available today. 

Applicant fails to appreciate the manner in which the above describes or suggests either a 
project manager or the way in which a project manager could be used to create a project. In 
addition, Applicant notes that pending claim 19 further recites each of said projects being 
defined by a project management tree containing a plurality of data objects disposed to 
cooperatively effect a project management function. In this regard it is respectfully submitted 
that none of the cited references suggest a data structure in the form of a project management 
tree, nor is there a suggestion of a plurality of data objects capable of cooperating to perform 
project management functions. 

As for the element of claim 19 relating to one or more internal departments, the 

Examiner cites Deinhart at col. 7 lines 16-30. 

The FIG. 2A gives an overview for the method of role type instantiation. Persons 5 that 
are users of an enterprise computer system are employees acting in assigned job positions 
6. Each job position 6 is associated with a set of functional tasks and, thus, these tasks are 
associated with users in the enterprise organization hierarchy. Each task requires a set of 
competencies, which can be viewed as a set of specific access rights to a set of objects 4 
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necessary to carry out that task. Hence, each job position 6 ultimately associates a user 
with specific access rights to a set of objects 4. Thus, a security administrator must be 
able to associate these rights, objects, and transactions with the job positions of the 
enterprise organization. To enable this, the concepts of role types and role instances are 
defined. 

Applicant understands the above to pertain to the association of access rights and the like with 
various job positions. Accordingly, Applicant fails to appreciate the manner in which the above 
in any way suggests a project manager, one or more internal departments coupled to the project 
manager, or one or more suppliers coupled to the project manager as claimed. Clarification is 
respectfully requested. 

Although the Examiner alleges that Nummelin teaches the creation of a project for an 
enterprise, even if this is true it would not supplement the deficiencies of Deinhart with regard to 
the elements of claim 19 discussed above. Accordingly, Applicant respectfully submits that the 
Deinhart in combination with Nummelin does not describe or suggest the invention of claim 19. 

With respect to claims 2, 3, and 20, the Examiner asserts that Deinhart teaches the 
recitation of "interfacing with project management server" at col. 2, lines 27-41 (reproduced 
above). Applicant respectfully submits the cited portion of Deinhart does not describe the 
definition of "external agencies" of the interfacing of the same with a project management 
servers. Clarification is respectfully requested. 

As for claim 5, Applicant has previously indicated the reasons why the cited portions of 
Deinhart do not appear to describe either a project management server or the creation of projects. 

With respect to claim 6, Applicant has reviewed Deinhart at col. 7, lines 16-30 and finds 
no suggestion of a project tree data structure containing one or more hierarchically organized 
objects. 

Considering claim 7, Applicant is unable to identify any suggestion of budgets, tasks, 
costs, timesheets, specs or the like within Deinhart at col. 3, lines 5-54. 

Turning now to claim 8, the Examiner has indicated that Deinhart in cols. 1 and 7 
suggests several of the recited elements. However, Applicant has reviewed these portions of 
Deinhart and is unable to identify any suggestion of a "customized home page", a user identifier, 
a project management server, or a project tree. Clarification is respectfully requested. 
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With respect to claims 9, 10, 1 1 and 18, Applicant fails to appreciate the manner in which 
the cited portion of Deinhart suggest either a "project tree", a "project", "object within the 
project tree" or a "customized home page", 

Notwithstanding the clear distinctions between the inventions of claims 1 and 27 and the 
systems of Deinhart, Nummelin and Doyle, claims 1 and 27 have been similarly amended in 
order to more particularly highlight the structure of the inventive project manager. In particular, 
claims 1 and 27 now recite that ones of the projects are defined by project management trees 
containing one or more data objects disposed to cooperatively effect project management 
functions. For the reasons discussed above, none of the cited references describe or suggest this 
type of project management structure. 

Accordingly, it is respectfully submitted that the pending claims define subject matter 
patentable in view of Deinhart, Nummelin and/or Doyle. Applicant respectfully requests entry 
of these amendments prior to further examination of the above-identified application. The 
undersigned would of course be available to discuss the present application with the Examiner if, 
in the opinion of the Examiner, such a discussion could lead to resolution of any outstanding 
issues. 

Dated: February 13, 2003 Respectfully submitted, 
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VERSION WITH MARKINGS TO SHOW CHANGES MADE 



In the Claims 

1 (Twice Amended). A method for managing enterprise operations comprising: 

logging on to a project manager server from a computer networ k, said project manager 
server executing a project manager for creating projects based upon project management trees 
containing one or more data objects disposed to cooperatively effect project management 
functions ; 

defining one or more organizational entities within the enterprise; 
defining one or more user groups associated with each of the organizational entities; 
defining one or more users associated with each of the user groups; and 
defining user roles associated with at least one of the users. 

27 (Amended). A project management system for managing operations of an enterprise, said 
system comprising: 

a centralized server computer, said server computer being configured to execute a project 
manager disposed to (a) create projects for said enterprise wherein ones of said projects are 
based upon project management trees containing one or more data objects disposed to 
cooperatively effect project management functions , (b) define one or more organizational entities 
within the enterprise, (c) define one or more user groups associated with each of the 
organizational entities, and (d) define one or more users associated with each of the user groups; 
and 

at least one user computer configured to log on to said centralized server computer and 
access said. project manager. 
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